AIMES

    Privacy Policy

    Last updated: July 2026

    Privacy Policy

    1. Introduction

    This Privacy Policy explains how AIMESSALES AB ("AIMES," "we," "us," or "our"), a company registered in Sweden, collects, uses, and protects information when you use our AI-powered sales messaging platform ("Service").

    We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

    2. Data Controller and Processor Roles

    Understanding who controls data is important for privacy compliance:

    • AIMES as Data Controller: We are the data controller for personal data about our users (organization owners, admins, and sales representatives who use our platform). This includes account information, login data, and usage analytics.

    • AIMES as Data Processor: For the business data you input into the Service (prospect information, company details, interaction notes), your organization is the data controller, and we act as a data processor on your behalf. Your organization is responsible for ensuring lawful collection and use of this data.

    3. Personal Data We Collect

    Account Information

    When you create an account, we collect:

    • Name
    • Email address
    • Password (stored in hashed form)
    • Organization name and website
    • Role within your organization

    Usage Data

    When you use the Service, we automatically collect:

    • Login timestamps and IP addresses (for security and audit purposes)
    • Feature usage patterns
    • Analysis generation requests and outcomes

    Payment Information

    Payment card details are collected and processed directly by Stripe, our payment processor. We do not store your full card number on our servers.

    4. Business Data You Input

    You may input business data into the Service, including:

    • Prospect names, titles, and contact information
    • Company information and websites
    • Interaction notes and communication summaries
    • Deal values and sales pipeline information
    • Offerings and product descriptions

    Your organization is the data controller for this business data. You are responsible for ensuring you have the right to input this data and that its use complies with applicable laws.

    5. How We Use Your Data

    We use your data for the following purposes, each with a legal basis under GDPR Article 6:

    • Service Delivery: To provide, maintain, and improve the Service (performance of contract)
    • AI Processing: To generate sales analyses and recommendations using AI (performance of contract)
    • Authentication: To verify your identity and secure your account (performance of contract)
    • Billing: To process payments and manage subscriptions (performance of contract; legal obligation for bookkeeping records)
    • Communication: To send service-related notifications and updates (performance of contract; legitimate interest)
    • Security: To detect and prevent fraud, abuse, and security incidents (legitimate interest in protecting the Service and its users)
    • Legal Compliance: To comply with applicable laws and regulations (legal obligation)

    Where we rely on legitimate interest, we have assessed that our interest is not overridden by your rights and freedoms. You may object to such processing as described in Section 9.

    6. Subprocessors and Data Sharing

    We share your data with the following third-party service providers (subprocessors) who help us deliver the Service:

    | Provider | Purpose | Location | |----------|---------|----------| | OpenAI | AI processing for analysis generation | United States | | Supabase (AWS) | Database hosting and authentication | EU (Frankfurt, Germany) | | Vercel | Application hosting and delivery | Global (edge locations) | | Stripe | Payment processing | United States / EU |

    All subprocessors are bound by data processing agreements that require them to protect your data and use it only for the specified purposes.

    7. Cookies

    We use strictly necessary cookies only. These cookies are essential for the Service to function and include:

    • Session cookies: Used to maintain your login session and authentication state. These cookies expire when you log out or after a period of inactivity.

    We do not use advertising cookies, analytics cookies, or any other non-essential cookies. Because our cookies are strictly necessary for the Service, consent is not required under GDPR.

    8. Data Retention

    We retain your data for the following periods:

    • Account data: Retained while your account is active and for a reasonable period thereafter to allow for account recovery

    • Business data: Retained while your organization's account is active. When an organization is deleted, all associated data is permanently removed after a 30-day grace period.

    • Audit logs: Login history and security events are retained for up to 12 months for security and compliance purposes

    • Authentication records: May be retained for up to 90 days after account deletion for security and fraud prevention purposes

    9. Your Rights

    Under GDPR and other applicable laws, you have the following rights regarding your personal data:

    • Access: Request a copy of your personal data
    • Rectification: Request correction of inaccurate data
    • Erasure: Request deletion of your personal data
    • Portability: Request your data in a machine-readable format
    • Objection: Object to certain processing of your data
    • Restriction: Request restricted processing of your data

    How to exercise your rights: You can update or delete your account directly through the Service settings. For data export or other requests, please contact us at info@aimessales.com. We will respond within 30 days.

    For business data: If you are a prospect whose data has been entered into our Service by one of our customers, please contact that organization directly to exercise your data rights. They are the data controller for your information.

    10. International Data Transfers

    Our primary data storage is in the European Union (AWS eu-central-1, Frankfurt, Germany), which provides strong data protection.

    Some of our subprocessors, including OpenAI, are based in the United States. When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Data Processing Agreements with all subprocessors
    • Assessment of the legal framework in the recipient country

    11. Data Security

    We implement appropriate technical and organizational measures to protect your data, including:

    • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
    • Row-level security (RLS) to ensure data isolation between organizations
    • Regular security assessments and monitoring
    • Access controls and audit logging
    • Secure authentication with hashed passwords

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect.

    Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

    13. Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us at:

    AIMESSALES AB
    Org. no. 559575-4291
    Rörstrandsgatan 54
    113 40 Stockholm, Sweden
    Email: info@aimessales.com

    You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

    © 2026 AIMES·Terms·Privacy